Context difference between a Task Sequence in MDT and SCCM

I have gotten this question so many times now when writing scripts and blog posts what the difference is between a Task Sequence in MDT and SCCM. In some scenarios this makes a huge difference and is important to know about.

When you execute an OSD Task Sequence in MDT you are logged on as the local administrator account as shown below. Which means that all Scripts, Applications etc. is run as the local administrator account.

When you use Configuration Manager the Task Sequence is executed in System context which means that scripts, applications are executed in System Context. So if we enable F8 support (Remember testing only!) we are running in System Context.

Why is this important?, well if you test and install applications using Configuration Manager you should always test them in System Context and not as the local administrator, this can be done using PSexec. When you develop and run scripts you need to be aware of this as well and again test them in System Context if applicable.
An example would be the script I blogged a while ago to set a corporate wallpaper in Windows 10, when running that script we need to take ownership of the files in question before we can replace them. If we run it in MDT we need to the “Administrator” to own the files to be able to replace them, if we use Configuration Manager we need to use “System” instead to own the files.

My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone elses use on Enterprise Mobility and Windows related topics.
All code is provided "AS-IS" with no warranties.